Manuals / 3Com / Computer Equipment / Switch

3Com 3CRWX120695A WXR100, 3CRWXR10095A manual Viewing and Configuring 802.1X Network Access Rules

Models: 3CRWXR10095A WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100

1 516

Download 516 pages 50.11 Kb

Page 307

Viewing and Configuring 802.1X Network Access Rules 307

2Specify whether the rule is for wireless access to an SSID or access through a wired authentication port:

If the rule is for access to an SSID, do one of the following:

To match on any SSID name, leave the value any in the SSID box.

To match only on a specific SSID name, select or type the name in the SSID box.

If the rule is for access through a wired authentication port, select Wired.

CAUTION: The default SSID name any matches on all SSID names. If the SSID box contains any and you do not change the SSID name, the authentication rule allows clients who match the userglob to access any SSID.

3Type the userglob that is allowed to use 802.1X to access the SSID or wired authentication port.

A user glob is a string containing wildcards that matches on one or more user names. Type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method.

For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all usernames whose usernames contain periods.

For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com.

4Click Next.

5Select the EAP type from the EAP Type drop-down list:

EAP-MD5—Extensible Authentication Protocol (EAP) with message-digest algorithm 5. Select this protocol for wired authentication clients.

Uses challenge-response to compare hashes.

Provides no encryption or integrity checking for the connection.

Image 307

3Com 3CRWX120695A WXR100, 3CRWXR10095A, WX4400 3CRWX440095A WX1200 manual Viewing and Configuring 802.1X Network Access Rules

Contents

WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A Wireless LAN Mobility SystemUnited States Government Legend 3Com Corporation 350 Campus Drive Marlborough, MA USAContents Enabling Keyboard Shortcut Mnemonics Windows XP Only Getting Started131 125 Placing Third-Party Access Points186 Configuring Snmp 187 175 Launching a Web Management Session with the Switch 176233 Resetting CoS Mapping to their Default Values258 241 Configuring an 802.1X Wireless Service 242244 247320 299 Creating a Radius Server Group 300316 319347 337Example 3 Deployment Site Has DNS But No Dhcp WX File Management Options Devices Tab356 Enabling or Disabling Management of a Switch by 3WXMViewing the Operation Log 358 Generating a Radio Details Report 395 Applying Policy Changes to Switches 375375 394439 Generating a Site Survey Order Generating a Work Order410 Displaying 802.11 Coverage 412468 465Register Your Product 507 496Page List conventions that are used throughout this guide ConventionsIcon Description Documentation Pddtechpubscomments@3com.com CommentsExample Requirements for 3WXM client 3WXM Client Hardware RequirementsHardware Requirements for Running 3WXM Client Number Radios WX Switches 50+ WX Switches Hardware Requirements for 3WXM Monitoring ServiceHardware Requirements for Running 3WXM Monitoring Service Hard drive space Available Monitor resolutionUser Privileges InstallationSoftware Preparing forInstalling 3WXM Installing 3WXM Installing 3WXM Click Uninstall Click Continue Plan is displayed by the 3WXM client OverviewDisplay Panels Display Panels Alert Category Description AlertsRogue Detection AlertsReviewing and Deploying Switch Configuration Changes Saving or Discarding Configuration ChangesConfiguration Wizards Working with the 3WXM User Interface Resize Icons Properties DialogsOption Description Menu Option Description 3WXM Menu OptionsMenu Option Description 3WXM Tool Bar OptionsConfiguration Verification Organizer Panel Copying, PastingDeleting ObjectsReplace Organizer Panel Copy and Paste Content PanelWindows XP Only Enabling KeyboardShortcut MnemonicsEnabling Keyboard Shortcut Mnemonics Windows XP Only Working with the 3WXM User Interface Managing network plans, and defining a Mobility Domain Switch Manager 3WXM, restricting access to 3WXM, creatingFollowing steps describe how to start 3WXM Starting 3WXMNext Starting 3WXM Getting Started Restricting Access to 3WXM Accounts Working with Network Plans Creating a Network To create a network plan PlanPlans 3WXM installation directory on the 3WXM Services hostCan also share a network plan with others Saving a Network Plan with a New Name Managing Network Plans Plan Managing Network Plans To disable notification Defining a Mobility Domain Protocol Port Function Traffic Ports Used for AAA Servers and Management ServersCreating a Creating a WX SwitchThird-Party AP Working with Network Plans Country Code Auto-TuningSettings to ChangingClick Next Click Finish Uploading a WX Switch into Network PlanConverting Auto DAPs into Statically Configured APs Affinity Value Assigned To Affinities for Network Domain SeedsRF Planning Toolbar icons available in RF Planning Tools RF Planning Overview Modifying a Site Creating orTo create or modify a site Creating or Modifying a Site Modifying Buildings in a Site Creating or Modifying Buildings in a Site Planning the 3COM Mobility System Modifying Floors Drawing Floor Importing orDetails To prepare a drawing before importing it into 3WXM Planning the 3COM Mobility System Importing or Drawing Floor Details Operating Tips Useful AutoCAD Operations and Naming-ConventionsCommon AutoCAD Layer Names Importing the Drawing Floor Plan After Importing To crop the paper spaceFloor Plan After Cropping To adjust the scaleOrigin point To adjust the origin pointNew location of origin point Shows the same floor plan as after hiding unnecessary layers Hiding LayersMoving an object from one layer to another Adding or removing a layerTo clean up a drawing Importing or Drawing Floor Details Planning the 3COM Mobility System Object Action To draw an objectPlanning the 3COM Mobility System To create RF obstacles for an area in a drawing To create RF obstacles for all objects in a layerTo use the Create RF Obstacle Dialog box To create RF obstacles by grouping objectsCreate RF Obstacle dialog box is shown in Figure Drawing RF Obstacles 3WXM supports concave polygons. a concave Specifying the RF Characteristics of a Floor Adding LOS Points Site Survey RecommendationsTo import LOS points from a file Specifying the RF Characteristics of a Floor Planning the 3COM Mobility System To create LOS points in 3WXM Click Next. The radio configuration page appears Specifying the RF Characteristics of a Floor To delete an LOS point To move an LOS pointGenerating a Site Survey Order Click Generate Importing RF Measurements Click Next Applying the RF Measurements to the Floor Plan To create a wiring closet Planning the 3COM Mobility System Shows an example of shared coverage areas Shared Coverage AreasUnsupported Shared Coverage Area Example Drawing a Coverage AreaObject Action Specifying the Wireless Technology for a Coverage Area Specifying Coverage Area Properties Specifying Floor Properties for the Coverage Area Click Next. The Floor Properties page appearsSpecifying Default Device Settings for the Coverage Area Planning the 3COM Mobility System WX4400 switches support indirect MAP connections only Configuring Capacity Calculation for Data Configuring Capacity Calculation for Voice Planning the 3COM Mobility System Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System Place tab Creating and Placing An Icon for a Third-Party Access PointAP Icon to its Floor LocationPlanning the 3COM Mobility System Placing Third-Party Access Points Planning the 3COM Mobility System Plan Placing InstalledAuto-Configured MAPsPlanning the 3COM Mobility System To specify design constraints WX4400 switches support indirect MAP connections only Computing MAP Placement To compute and place MAPs To review coverage area computation Go to To review coverage area computationPlanning the 3COM Mobility System To lock a MAP Locking and Unlocking MAPsChannel Assignment to Minimize Co-Channel Interference To assign channelsComputing MAP Placement Planning the 3COM Mobility System To compute optimal power Planning the 3COM Mobility System To resolve optimal power computation problems Resolving coverage gaps Verifying the Wireless NetworkTo place an RF measurement point „ To list disabled access points, select Show Disabled MAPs To use the RF interactive measurement mode Signal strengths for any location on the floorRF Measurement Information Shows the information available in the RF measurement tableValue To generate a work order report Generating RFNetwork Design InformationClick Generate Work Order Parameters WX Switch Configuration ObjectsCategory Object Type Description WX Switch Object TypesWX Switch Object Types AAA Creating a WX Switch Using the Create Wireless Switch Wizard Adding a WX Switch to the Network PlanClick Management Interface Configured Switch Network PlanClick WX Associations Configuration FileReviewing Configuring BasicSettings AdvancedPassword is encrypted when you type it Click Next Using the Create Wireless Switch WizardConfiguring WX System Parameters To set up a switch „ V2c Setting Up a Switch „ 11b „ 11g Modifying Basic Switch Parameters Select the model from the drop-down list Click OK Changing the WX To change the WX software versionSoftware Version ModelInformation To convert an Auto DAP To delete an Auto DAP Viewing Port Settings Viewing Changing Port SettingsSettings Enabling Link Notifications Click Properties Select Snmp Link Traps Click Next Configuring WX System Parameters Viewing and Changing Port Settings Configuring WX System Parameters Viewing and Changing Port Settings Select Port Groups Viewing Port Groups To view port groupsClick Properties Content panel, select the row for the port groupCreating a Port Group To create a port group GroupViewing 3WXM, Https is always enabled and listens on portManagement Service Settings Select Management ServicesViewing and Changing Management Settings Task List panel, select Community Configuring an Snmp V1 or V2c Community StringConfiguring a USM Snmp V3 User Configuring WX System Parameters Configuring a Notification Target Configuring a Notification ProfileClick Properties Community string names are transmitted in clear text Configuring WX System Parameters Select the object you want to modify Configuring 3WXM Services as a Notification TargetTask List panel, select 3WXM Notification Target Community string names are transmitted in clear text Click Finish Trace Settings Setting LogViewing Log Settings To view log settings Configure logging to the console Creating a Trace Area Creating an External Log ServerStatic routes Configuring IPServices Settings SettingSelect IP Services You cannot use the word all as the name of an IP alias Select IP Services Select IP Services Users and VLANs Configuring VLANsViewing VLANs To view VLANs Roaming and VLANsConfiguring WX System Parameters Viewing and Configuring VLANs To tag a port or port group, select the Tag checkbox Changing STP Port Settings in a Vlan Click OK Enabling STP Fast Convergence Features Configuring WX System Parameters Configuring Static Multicast Ports Click Properties Viewing and Configuring VLANs A Vlan Restricting LayerSelect Dhcp Server to enable it on the Vlan Server that stores confidential salary information Configuring ACLsLast ACE of an ACL Viewing ACLs To view ACLs To configure an ACL IP Protocol Number Configuring WX System Parameters „ 0 normal-Packets with normal TOS defined are filtered To enable the hit counter for an ACE Configuring Advanced ACL SettingsTo change the hit sample rate Icmp Message Type Number Code Number To enable the established option for TCP ACEsTo specify the type and code for Icmp ACEs Icmp Messages and CodesAdding a New ACE to a Configured ACL Viewing and Configuring ACLs Individual ACE from an ACL Mappings Changing CoSMappings Mapping Setting a Range Dscp Values to a Configuring WX System Parameters Viewing Configuring Wireless Services Service Profile Parameters Service ProfilesService Profile Parameters Service Profile Type Access Rule Type Default Access Glob Access RulesViewing and Configuring Wireless Services „ Local EAP-TLS-EAP with TLS Services Viewing Wireless To view wireless servicesSelect Wireless Services „ WPA Select the EAP type Configuring Wireless Parameters „ WPA Configuring Wireless Parameters Web-Portal WebAAA Service „ Static WEP Click Next Viewing and Configuring Wireless Services Access Service „ WPA Go to step Click Finish WPA, RSN Tab Service Profile TabBroadcast Settings Tab Authorization Attributes TabStatic WEP Tab Radio Profile Selection Tab Voice Configuration TabClient Timeout tab lists settings for client session timers Client Timeout TabRate Configuration Tab Viewing and Configuring Wireless Services Soda Tab Click Properties Modifying Encryption Settings Viewing and Configuring Wireless Services Modifying Access Rules Profiles Configuring RadioSelect Radio Profiles Profile Creating a Radio To create a radio profileRadio Profile Tab Click Reset To DefaultAttributes Tab Auto Tune Tab Radio Selection Tab Service Profile Selection TabAuto-DAP Profile Profile SettingsProfile Settings Viewing and Changing the Auto-DAP Profile See Deleting Auto DAPs on Configuring MAPsDAPs into Statically Configured DAPs Deleting Auto DAPs Through radio signalsMaximum MAPs Supported Per Switch Viewing the To view the configured MAPsConfigured MAPs Select Access Points„ 112233445566778899aabbccddeeff00 Transmit Power box, specify the transmit power for the radio To configure a directly connected MAP Channel Number list, select the channel number for the radio Click the plus sign next to Wireless Transmit Power box, specify the transmit power for the radio Configuring Wireless Parameters Select Radios ConfiguredViewing Radio To view radio settings Changing RadioOUI List Detection SettingsChanging RF Select RF DetectionEdit the MAC address in the MAC Address box Click OK ListCountermeasures Select RF Detection Select Enable AP Signature Configuring Wireless Parameters Database CreatingManaging Users Local UserGroups in the Local Database You can create two types of users in the local databaseUser Creating a Named To create a named userSelect Local User Database Group and Assigning Users To It Creating and Managing Users in the Local User Database Task List panel, select MAC User Group Encryption-type Authentication Attributes for Local UsersEnd-date Filter-id Idle-timeoutMobility-profile Session-timeout Service-typeSsid Start-date , end-date , or both Start-dateTime-of-day wk0900-1700,sa2200 Time-of-dayTime-of-day tu1000-1600,th1000-1 600Url Radius SettingsGroup A 3Com Mobility SystemServer Settings, Servers, Server GroupsSelect Radius Click Next Viewing and Configuring Radius Settings To change default values for Radius parameters Select Configuring Global802.1X Settings 802.1X SettingsAttempts Click Save Rules Network AccessNetwork Access Rules Select 802.1X Access RulesViewing and Configuring 802.1X Network Access Rules „ Local EAP-TLS-EAP with TLS Viewing and Configuring 802.1X Network Access Rules Network Access Rule Configuring MACSelect MAC Access Rules Viewing and Configuring MAC Network Access Rules Page Viewing Web AAA To view Web AAA network access rules Viewing Configuring WebAAA Network Access RulesCreating a Web AAA To create a Web AAA network access rule Viewing and Configuring WebAAA Network Access Rules Select Last Resort Access Rules Viewing Configuring Last-Resort Network Access RulesTask List panel, select Last Resort Network Access Viewing and Configuring Last-Resort Network Access Rules Select Admin Access Rules Configuring WXAdministrator Administrator Access RulesRule for Console Access Rule for Telnet or SSH Access Viewing and Configuring WX Administrator Access Rules Support for Configuring AAAUsers Viewing and Configuring AAA Support for Third-Party AP Users Port Connected to Third-Party AP Proxy for a ClientSelect Location Policy Changing LocationPolicy Rules Policy RulesPolicy Rule Creating a Location To create a location policy ruleViewing and Changing Location Policy Rules Profiles Changing MobilitySelect Mobility Profiles Viewing and Changing Mobility Profiles Page Remotely Drop Ship WXR100 Only How Remote WX Configuration WorksShows the location of the Fn switch and the LED Staged WX „ The network plan containing the WX switches must be open „ 3WXM must be installed and 3WXM Services must be running3WXM Requirements Configuration by Switch forStaging a WX Configure an IP interface on the Vlan Enable the auto-config optionSave the configuration changes Power off or restart the switchEnable the MSS DNS client Configure DNS server informationWX4400# set ip dns domain examplecorp.com WX4400# save config Configuration with Configured SwitchCompleting its At the remote office Replacing a SwitchReusing its Replaced switch’s configurationEnabling How Switch Replacement WorksReplacement To enable replacement of remote switchesTo replace a switch WX File Document where the options are describedOptions Devices Tab Switches in the network planWX File Management Options in 3WXM Task Option Description Group Devices TasksTask Task Option Group Description Task Task Option Group Changes Configuration ChangesSynchronizing Local NetworkNetwork Changes Undoing Local or To undo local or network changesTo immediately deploy local changes Nonmatching To schedule deployment of local changesTo synchronize the changes, do one of the following To add a system image Repository. Images are storedTo delete a system image To schedule installation of an image on WX switches To immediately install an image on WX switchesTo reboot MAPs without rebooting the switch Rebooting WX Switches or MAP Access PointsYou can use 3WXM to reboot WX switches and MAPs To reboot WX switches and the MAPs they are managingManagement of a Switch by 3WXMEnabling or DisablingTo display the operation log Canceling aOperation Log Scheduled OperationTo import a configuration Importing Exporting Switch Configuration FilesTo export a configuration Alerts panel To modify configuration polling optionsModifying Change PollingManaging WX System Images and Configurations Changes Toolbar Options on Verification Tab To disable a specific instance of a warning or error To resolve an error or warningSelect the warning or error message To change verification options To globally disable a warning or errorOr for specific instances To disable or reenable a ruleVerifying Configuration Changes Distributing PKS #12 files „ 802.1X-EAP certificate for a WX switch„ WebAAA certificate for a WX switch When 3WXM connects to 3WXM Services or a WX switch,Certificates ProcessingTo process a certificate Select Tools Certificate Management ManagingCertificate that is stored in the 3WXM certificate store To review certificate detailsCertificates to WX SwitchesOr more WX switches DistributingPolicies To view policies Access the Create Policy wizardViewing Policies Creating a PolicyChanges to Switches Feature Settings PolicyApplying Policy AAA Features Feature CategoriesFor This Feature Area See System Features Wireless FeaturesEvent Log DisplayingToolbar Options Filtering Event Refreshing EventData Reviewing EventTo filter messages by content Using the Event LOG Severity To export filtered data Generating Reports Client Errors Configuration reportsMobility Domain Configuration WX ConfigurationInventory Report Sections Generating anInventory Report To generate an inventory reportMobility Domain Generating aReport WX Configuration Report Sections Configuration ReportSummary Report Details Report Click Generate Errors Report „ Session Properties „ Location History Network usage report lists network usage statistics Generating a Network Usage ReportSummary Report Scope is always MAP Radio and cannot be changed Details Report Generating a Rogue Summary Report Click Generate Select the language „ English „ German Click View Work Order Switches and shows information based on those traps 3WXM Services regularly checks the status of the networkStatistics and the event log Monitoring AccessingTo access monitored data Requirements forUsing the Explore Window Monitoring the Network Toolbar Options in Link Display of Explore View „ Green UpIconDescription Toolbar Options in Floor Display of Explore View Lists the options on the toolbar in the floor displayToolbar Options in Floor Display of Explore View Monitoring the Network Using the Explore Window Monitoring the Network Display Option Coverage Display Options in Explore WindowTo take an RF measurement 3Com radio on the floorRssi measurements RF measurement point Click on the new measurement point. The measurement data is Using the StatusImmediately updated for the new measurement point Summary ViewToolbar Options in Client Monitor View Using the ClientMonitor View On the networkData Displayed When a Mobility Domain or Site is Selected That you can double-click on the arrow to change Number of times authentication for a client failed Client Activity Columns When a Mobility Domain is Selected Data Displayed When a Switch, MAP, or Radio is SelectedSsid Activity Details for Association Failure Activity Details for Authentication FailurePeap Activity Details for Authorization FailureColumnDescription Activity Details for Authorization SuccessfulHave been collected and will be transmitted to the new Activity Details for Disassociation Activity Details for Client ClearedActivity Details for Dot1x Failure Activity Details for Roam Data Displayed When a Mobility Domain is SelectedClient Sessions Columns When a Mobility Domain is Selected Data Displayed When a WX Switch, MAP, or Radio is SelectedSNR Displaying Session DetailsSession Properties Columns „ Updatedtoroam User is roaming. Session Session Statistics Columns Session Statistics Columns Adding a Client to the Watch List Clients on the watch list by MAC addressLocation History Columns Using the Client Monitor View Click Next. The search results appear „ natasha@example.comDisplaying the Client Watch List Details are displayed on the following tabs Location On the floor To display a client’s session GeographicalMonitoring the Network Session Using the RF Window Displaying RFRF Monitor RF Neighborhood Columns Bssid WindowRF Monitor Activity Log Columns RF Monitor Environment Columns StatisticsRF Monitor Environment Columns Can indicate interference from a non-802.11 device RF Trends ColumnsStatistics To access performance statistics from the networkMonitoring the Network Accessing Realtime Performance Statistics Viewing Current Data „ Octets In/Out „ Packets In/Out „ Errors In/OutViewing Historical Data Viewing Data in Percentages To export data to a file Exporting Performance DataMonitoring the Network Rogues Converting a rogue into a third party APThat truly are rogues IDS/DoS notifications Rogue Detection RequirementsSnmp Notifications for RF Detection Notification Type Description Rogue detection notificationsSnmp Notifications for RF Detection Detecting and Combatting Rogue Devices Rogue Detection Lists Detection Screen Using the RogueMain 3WXM tool bar Toolbar Options on Rogue Detection Screen To filter the rogue list Current, Current Hour, Current Day, and History Tabs Listeners Tab Activity Log TabActivity Log Columns Client Columns Clients TabLists the information displayed on the Clients tab Listeners ColumnsLocation Displaying aRogue’s GeographicalDisplaying a Rogue’s Geographical Location To add a device to the ignore list Into a Third Party Adding a Device toAttack List Converting a RogueTo remove a third-party AP To display the listList Configuring RFAdding a Rogue’s Clients to the BlackDetecting and Combatting Rogue Devices Importing the To import the measurements Importing RFMeasurements RF obstacle dataOptimizing a Network Plan Measurements to Floor Plan Locating a Coverage To locate a coverage hole Locating and FixingCoverage Holes Coverage holes by displaying coverageLocating and Fixing Coverage Holes Installed to Network Plan Preferences Values ResettingTools Preferences To change network options Changing NetworkSynchronization Changing User Interface OptionsWithin Window Style, select one of the following Click the Certificate Handling tab Changing ToolsCertificate Check onYou can change the following RF planning options Typical Client’s Transmit PowerChanging Options For RF PlanningDefining a Color from the Palette To Change a ColorDefining a Color by Changing HSB Properties Defining a Color by Changing RGB Properties Changing 3WXM Logging Options Chapter a Changing 3WXM Preferences Preferences Chapter B Changing 3WXM Services Preferences Stopping 3WXM ServicesServices Starting orTo connect to 3WXM Services Connecting to 3WXM ServicesStart 3WXM client Verify that the service is running on the server To complete the connection DataInformation, and access control to 3WXM Services Changing ServiceTo change service settings Changing WX WX connection settings control the timeout and retries forService will accept from the WX switches Click the WXs Connection Settings tabChanging WX Connection Settings Sources of Monitor Data Polling Interval is 5 minutes and cannot be changed Click the Monitoring Settings tabHttps//ip-addr Managing Network Plans Chapter B Changing 3WXM Services Preferences Backup Chapter B Changing 3WXM Services Preferences Purchase ServicesRegister Your ProductDownloads Access SoftwareTroubleshoot OnlineContact Us Latin America Telephone Technical Support and Repair Country Telephone NumberUS and Canada Telephone Technical Support and Repair Numbers IndexIndex Monitors WX switch performance SSH SavingIndex Index